Attorney Docket No. 9204-10 

THAT WHICH IS CLAIMED IS: 

1. A method of accessing devices on a private 
network via a client on a public network, the method 
comprising the following steps performed by a gateway on 
the private network: 

5 receiving a request from the client to access a 

Web server of a device on the private network, wherein 
the Web server has an address that is valid on the 
private network but is not valid on the public network; 

redirecting the received client request to the 
10 Web server of the device on the private network; 

scrubbing a Web page served by the Web server 
in response to the received client request, comprising 
replacing an address in the Web page that is not valid on 
the public network with an address that is valid on the 
15 public network; and 

serving the scrubbed Web page to the client. 

2. The method according to Claim 1, further 
comprising the following steps performed by the gateway 
prior to receiving a request from the client to access a 
Web server of the device: 

5 ascertaining rights of a user to access one or 

more devices on the private network; and 

serving a Web page to the client that 
identifies each device on the private network for which 
the user has access rights, wherein the Web page includes 
10 a link to a Web server of each device on the private 

network for which the user has access rights. 

3. The method according to Claim 2, further 
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comprising the step of accepting a user log-in request 
from the client prior to ascertaining rights of the user, 
wherein the user log-in request includes an 
5 identification of the user. 

4. The method according to Claim 2, wherein 
each link to a Web server includes a uniform resource 
locator (URL) for the gateway that is valid on the public 
network and an identification of a gateway port that is 

5 mapped to a respective Web server, and wherein each link 

is configured to send a request to a respective Web 
server via the gateway at an identified gateway port. 

5. The method according to Claim 1, wherein 
the scrubbing step comprises replacing an address in the 
Web page that is valid only on the private network with a 
URL for the gateway that is valid on the public network 

5 and an identification of a gateway port that is mapped to 

the replaced address. 

6. The method according to Claim 2, wherein 
the step of serving a Web page to the client comprises: 

scanning a range of private network addresses 
to identify Web servers listening on one or more selected 
5 ports; 

mapping each identified Web server to a 
respective gateway port; and 

creating a Web page that contains a respective 
link to each gateway port for each device for which the 
10 user has access rights. 

7. A method of accessing devices on a private 
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network via a client on a public network, wherein each 
device includes a Web server having an address that is 
valid on the private network, but is not valid on the 
5 public network, the method comprising the following steps 

performed by a gateway on the private network: 

ascertaining rights of a user to access one or 
more devices on the private network; 

serving a Web page to the client that 
10 identifies each device on the private network for which 

the user has access rights, wherein the Web page includes 
a link to a Web server of each device on the private 
network for which the user has access rights; 

receiving a request from the client to access a 
15 Web server of a device on the private network in response 

to user activation of a link on the Web page; 

redirecting the received client request to the 
Web server ; 

scrubbing a Web page served by the Web server 
20 in response to the received client request, comprising 

removing links to Web servers of devices for which the 
user does not have access rights; and 

serving the scrubbed Web page to the client. 

8. The method according to Claim 7, further 
comprising the step of accepting a user log- in request 
from the client prior to ascertaining rights of the user, 
wherein the user log-in request includes an 
5 identification of the user. 



9. The method according to Claim 7, wherein 
the scrubbing step further comprises replacing an address 
in the Web page that is not valid on the public network 
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with an address that is valid on the public network. 

10. The method according to Claim 7, wherein 
each link to a Web server includes a uniform resource 
locator (URL) for the gateway that is valid on the public 
network and an identification of a gateway port that is 
mapped to a respective Web server, and wherein each link 
is configured to send a request to a respective Web 
server via the gateway at an identified gateway port. 

11. The method according to Claim 7, wherein 
the step of serving a Web page to the client comprises : 

scanning a range of private network addresses 
to identify Web servers listening on one or more selected 
ports ; 

mapping each identified Web server to a 
respective gateway port; and 

creating a Web page that contains a respective 
link to each gateway port for each device for which the 
user has access rights . 

12 . A method of accessing devices on a private 
network via a client on a public network, wherein each 
device includes a Web server having an address that is 
valid on the private network, but is not valid on the 
public network, the method comprising the following steps 
performed by a gateway on the private network: 

ascertaining rights of a user to access one or 
more devices on the private network; 

serving a Web page to the client that 
identifies each device on the private network for which 
the user has access rights, wherein the Web page includes 
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a link to a Web server of each device on the private 
network for which the user has access rights, wherein 
each link, to a Web server includes a uniform resource 

15 locator (URL) for the gateway that is valid on the public 

network and an identification of a gateway port that is 
mapped to a respective Web server, and wherein each link 
is configured to send a request to a respective Web 
server via the gateway at an identified gateway port; 

20 receiving a request from the client to access a 

Web server of a device on the private network in response 
to user activation of a link on the Web page; 

redirecting the received client request to the 
Web server; 

25 scrubbing a Web page served by the Web server 

in response to the received client request, comprising: 
removing links to Web servers of devices 
for which the user does not have access rights ; 
and 

3 0 replacing an address in the Web page that 

is not valid on the public network with an 
address that is valid on the public network; 
and 

serving the scrubbed Web page to the client. 

13. The method according to Claim 12, further 
comprising the step of accepting a user log-in request 
from the client prior to ascertaining rights of the user, 
wherein the user log-in request includes an 
5 identification of the user. 



14. The method according to Claim 12, wherein 
the step of serving a Web page to the client comprises: 
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scanning a range of private network addresses 
to identify Web servers listening on one or more selected 
5 ports; 

mapping each identified Web server to a 
respective gateway port; and 

creating a Web page that contains a respective 
link to each gateway port for each device for which the 
10 user has access rights. 



15. A gateway system that permits access to 
devices on a private network via a client on a public 
network, comprising: 

means for receiving a request from the client 
5 to access a Web server of a device on the private 

network, wherein the Web server has an address that is 
valid on the private network but is not valid on the 
public network; 

means for redirecting the received client 
10 request to the Web server; 

means for scrubbing a Web page served by the 
Web server in response to the received client request, 
comprising means for replacing an address in the Web page 
that is not valid on the public network with an address 
15 that is valid on the public network; and 

means for serving the scrubbed Web page to the 

client . 



16. The gateway system according to Claim 15, 
further comprising: 

means for ascertaining rights of a user to 
access one or more devices on the private network; and 
5 means for serving a Web page to the client that 
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identifies each device on the private network for which 
the user has access rights, wherein the Web page includes 
a link to a Web server of each device on the private 
network for which the user has access rights. 

17. The gateway system according to Claim 16, 
further comprising means for accepting a user log- in 
request from the client, wherein the user log- in request 
includes an identification of the user. 

18. The gateway system according to Claim 16, 
wherein each link to a Web server includes a uniform 
resource locator (URL) for the gateway system that is 
valid on the public network and an identification of a 

5 gateway system port that is mapped to a respective Web 

server, and wherein each link is configured to send a 
request to a respective Web server via the gateway system 
at an identified gateway system port. 

19. The gateway system according to Claim 15, 
wherein the means for scrubbing a Web page comprises 
means for replacing an address in the Web page that is 
valid only on the private network with a URL for the 

5 gateway system that is valid on the public network and an 

identification of a gateway system port that is mapped to 
the replaced address. 

20. The gateway system according to Claim 16, 
wherein the means for serving a Web page to the client 
comprises : 

means for scanning a range of private network 
5 addresses to identify Web servers listening on one or 
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more selected ports ; 

means for mapping each identified Web server to 
a respective gateway system port; and 

means for creating a Web page that contains a 
respective link to each gateway system port for each 
device for which the user has access rights. 

21. A gateway system that permits access to 
devices on a private network via a client on a public 
network, wherein each device includes a Web server having 
an address that is valid on the private network, but is 
not valid on the public network, wherein the gateway 
system comprises: 

means for ascertaining rights of a user to 
access one or more devices on the private network; 

means for serving a Web page to the client that 
identifies each device on the private network for which 
the user has access rights, wherein the Web page includes 
a link to a Web server of each device on the private 
network for which the user has access rights; 

means for receiving a request from the client 
to access a Web server of a device on the private network 
in response to user activation of a link on the Web page ; 

means for redirecting the received client 
request to the Web server; 

means for scrubbing a Web page served by the 
Web server in response to the received client request, 
comprising means for removing links to Web servers of 
devices for which the user does not have access rights; 
and 

means for serving the scrubbed Web page to the 

client . 
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22. The gateway system according to Claim 21, 
further comprising means for accepting a user log- in 
request from the client, wherein the user log-in request 
includes an identification of the user. 

23. The gateway system according to Claim 21, 
wherein the means for scrubbing a Web page further 
comprises means for replacing an address in the Web page 
that is not valid on the public network with an address 
that is valid on the public network. 

24. The gateway system according to Claim 21, 
wherein each link to a Web server includes a uniform 
resource locator (URL) for the gateway system that is 
valid on the public network and an identification of a 
gateway system port that is mapped to a respective Web 
server, and wherein each link is configured to send a 
request to a respective Web server via the gateway system 
at an identified gateway system port. 

25. The gateway system according to Claim 21, 
wherein the means for serving a Web page to the client 
comprises : 

means for scanning a range of private network 
addresses to identify Web servers listening on one or 
more selected ports, - 

means for mapping each identified Web server to 
a respective gateway system port; and 

means for creating a Web page that contains a 
respective link to each gateway system port for each 
device for which the user has access rights. 
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26. A gateway system that permits access to 
devices on a private network via a client on a public 
network, wherein each device includes a Web server having 
an address that is valid on the private network, but is 
not valid on the public network, wherein the gateway 
system comprises : 

means for ascertaining rights of a user to 
access one or more devices on the private network; 

means for serving a Web page to the client that 
identifies each device on the private network for which 
the user has access rights, wherein the Web page includes 
a link to a Web server of each device on the private 
network for which the user has access rights, wherein 
each link to a Web server includes a uniform resource 
locator (URL) for the gateway system that is valid on the 
public network and an identification of a gateway system 
port that is mapped to a respective Web server, and 
wherein each link is configured to send a request to a 
respective Web server via the gateway system at an 
identified gateway system port; 

means for receiving a request from the client 
to access a Web server of a device on the private network 
in response to user activation of a link on the Web page; 

means for redirecting the received client 
request to the Web server; 

means for scrubbing a Web page served by the 
Web server in response to the received client request, 
comprising : 

means for removing links to Web servers of 
devices for which the user does not have access 
rights; and 

means for replacing an address in the Web 
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page that is not valid on the public network 
with an address that is valid on the public 
network; and 

means for serving the scrubbed Web page to the 

client . 

27. The gateway system according to Claim 26, 
further comprising means for accepting a user log- in 
request from the client prior to ascertaining rights of 
the user, wherein the user log- in request includes an 
identification of the user. 

28. The gateway system according to Claim 26, 
wherein the means for serving a Web page to the client 
comprises : 

means for scanning a range of private network 
addresses to identify Web servers listening on one or 
more selected ports; 

means for mapping each identified Web server to 
a respective gateway system port; and 

means for creating a Web page that contains a 
respective link to each gateway system port for each 
device for which the user has access rights. 

29. A computer program product that permits 
access to devices on a private network via a client on a 
public network, the computer program product comprising a 
computer usable storage medium having computer readable 
program code embodied in the medium, the computer 
readable program code comprising: 

computer readable program code that receives a 
request from the client to access a Web server of a 
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device on the private network, wherein the Web server has 
10 an address that is valid on the private network but is 

not valid on the public network; 

computer readable program code that redirects 

the received client request to the Web server; 

computer readable program code that scrubs a 
15 Web page served by the Web server in response to the 

received client request, comprising computer readable 

program code that replaces an address in the Web page 

that is not valid on the public network with an address 

that is valid on the public network; and 
20 computer readable program code that serves the 

scrubbed Web page to the client. 

30. The computer program product according to 
Claim 29, further comprising: 

computer readable program code that ascertains 
rights of a user to access one or more devices on the 
5 private network; and 

computer readable program code that serves a 
Web page to the client that identifies each device on the 
private network for which the user has access rights, 
wherein the Web page includes a link to a Web server of 
10 each device on the private network for which the user has 

access rights. 

31. The computer program product according to 
Claim 30, further comprising computer readable program 
code that accepts a user log-in request from the client, 
wherein the user log- in request includes an 

5 identification of the user. 
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32. The computer program product according to 
Claim 30, wherein each link to a Web server includes a 
uniform resource locator (URL) for a gateway on the 
private network that is valid on the public network and 

5 an identification of a gateway port that is mapped to a 

respective Web server, and wherein each link is 
configured to send a request to a respective Web server 
via the gateway at an identified gateway port. 

33. The computer program product according to 
Claim 29, wherein the computer readable program code that 
scrubs a Web page comprises computer readable program 
code that replaces an address in the Web page that is 

5 valid only on the private network with a URL for a 

gateway on the private network that is valid on the 
public network and an identification of a gateway port 
that is mapped to the replaced address. 

34 . The computer program product according to 
Claim 30, wherein the computer readable program code that 
serves a Web page to the client comprises: 

computer readable program code that scans a 
5 range of private network addresses to identify Web 

servers listening on one or more selected ports; 

computer readable program code that maps each 
identified Web server to a respective port of a gateway 
on the private network; and 
10 computer readable program code that creates a 

Web page that contains a respective link to each gateway 
port for each device for which the user has access 
rights . 
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35. A computer program product that permits 
access to devices on a private network via a client on a 
public network, wherein each device includes a Web server 
having an address that is valid on the private network, 
5 but is not valid on the public network, the computer 

program product comprising a computer usable storage 
medium having computer readable program code embodied in 
the medium, the computer readable program code 
comprising : 

10 computer readable program code that ascertains 

rights of a user to access one or more devices on the 
private network; 

computer readable program code that serves a 
Web page to the client that identifies each device on the 

15 private network for which the user has access rights, 

wherein the Web page includes a link to a Web server of 
each device on the private network for which the user has 
access rights; 

computer readable program code that receives a 

20 request from the client to access a Web server of a 

device on the private network in response to user 
activation of a link on the Web page; 

computer readable program code that redirects 
the received client request to the Web server; 

25 computer readable program code that scrubs a 

Web page served by the Web server in response to the 
received client request, comprising computer readable 
program code that removes links to Web servers of devices 
for which the user does not have access rights; and 

30 computer readable program code that serves the 

scrubbed Web page to the client. 
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36. The computer program product according to 
Claim 35, further comprising computer readable program 
code that accepts a user log- in request from the client, 
wherein the user log- in request includes an 
identification of the user. 

37. The computer program product according to 
Claim 35, wherein the computer readable program code that 
scrubs a Web page further comprises computer readable 
program code that replaces an address in the Web page 
that is not valid on the public network with an address 
that is valid on the public network. 

38. The computer program product according to 
Claim 35, wherein each link to a Web server includes a 
uniform resource locator (URL) for a gateway on the 
private network that is valid on the public network and 
an identification of a gateway port that is mapped to a 
respective Web server, and wherein each link is 
configured to send a request to a respective Web server 
via the gateway at an identified gateway port. 

39. The computer program product according to 
Claim 3 5 wherein the computer readable program code that 
serves a Web page to the client comprises: 

computer readable program code that scans a 
range of private network addresses to identify Web 
servers listening on one or more selected ports; 

computer readable program code that maps each 
identified Web server to a respective port of a gateway 
on the private network; and 

computer readable program code that creates a 
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Web page that contains a respective link to each gateway- 
port for each device for which the user has access 
rights . 

40. A computer program product that permits 
access to devices on a private network via a client on a 
public network, wherein each device includes a Web server 
having an address that is valid on the private network, 
5 but is not valid on the public network, the computer 

program product comprising a computer usable storage 
medium having computer readable program code embodied in 
the medium, the computer readable program code 
comprising : 

10 computer readable program code that ascertains 

rights of a user to access one or more devices on the 
private network; 

computer readable program code that serves a 
Web page to the client that identifies each device on the 

15 private network for which the user has access rights, 

wherein the Web page includes a link to a Web server of 
each device on the private network for which the user has 
access rights, wherein each link to a Web server includes 
a uniform resource locator (URL) for a gateway on the 

20 private network that is valid on the public network and 

an identification of a gateway port that is mapped to a 
respective Web server, and wherein each link is 
configured to send a request to a respective Web server 
via the gateway system at an identified gateway port ; 

25 computer readable program code that receives a 

request from the client to access a Web server of a 
device on the private network in response to user 
activation of a link on the Web page ; 
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computer readable program code that redirects 

the received client request to the Web server ; 

computer readable program code that scrubs a 

Web page served by the Web server in response to the 

received client request, comprising: 

computer readable program code that 
removes links to Web servers of devices for 
which the user does not have access rights; and 

computer readable program code that 
replaces an address in the Web page that is not 
valid on the public network with an address 
that is valid on the public network; and 
computer readable program code that serves the 

scrubbed Web page to the client. 

41. The computer program product according to 
Claim 40, further comprising computer readable program 
code that accepts a user log-in request from the client 
prior to ascertaining rights of the user, wherein the 
user log-in request includes an identification of the 
user . 

42. The computer program product according to 
Claim 40, wherein the computer readable program code that 
serves a Web page to the client comprises: 

computer readable program code that scans a 
range of private network addresses to identify Web 
servers listening on one or more selected ports; 

computer readable program code that maps each 
identified Web server to a respective gateway port; and 

computer readable program code that creates a 
Web page that contains a respective link to each gateway 



Attorney Docket No. 9204-10 

port for each device for which the 
rights . 



